Snippet Permissions
Snippets in primedocs are divided into three categories that differ in visibility and who can manage them.
Snippet Categories
| Category | Description | Who can read | Who can write |
|---|---|---|---|
| Design (template snippets) | Snippets embedded in templates. Used by the template engine during document generation. | All users (invisible in the UI) | Template Admin, Sys Admin |
| Shared (public snippets) | Snippets shared across an organisation or department. Visible and insertable by end users. | Users with explicit read access | Users with explicit write access, Snippet Admin, Sys Admin |
| Private (personal snippets) | Snippets created by individual users for personal use. | The owning user only | The owning user only |
The WordContent and FormattedText snippet types for layouters are stored in the Design category. End-user snippets (classic types) can be stored in all three categories.
Roles
| Role | Capabilities |
|---|---|
| Sys Admin | Full access to all snippets in all categories. |
| Template Admin | Can create and edit all Design snippets. Can also manage Shared snippets if given explicit write access. |
| Snippet Admin | Can manage all Shared snippets without needing explicit write access per item. Cannot access Private snippets. |
| User | Can read Shared snippets they have been granted access to. Can write Shared snippets they have been explicitly given write access on. Can fully manage their own Private snippets. |
Access Rules for Shared Snippets
Access to Shared snippets is controlled at the level of individual snippets and snippet groups (folders).
Read access is granted when:
- The user has read access on the item itself and all parent groups, or
- The user has write access on any parent group, or
- The user is a Snippet Admin or Sys Admin.
Write access is granted when:
- The user has write access on the item or any parent group, and the topmost group with write access is also readable by the user, or
- The user is a Snippet Admin or Sys Admin.
An item without explicit permissions inherits from its parent group. Once permissions are explicitly defined on an item, inheritance from above is broken for that item.
Structuring Groups for Partial Access
If you want to grant a user access to a sub-group but not to the items in the parent group, create an additional sub-folder:
Management
├── Announcements ← accessible to all staff
└── Internal ← restricted to management only
├── Snippet A
└── Snippet B
Grant the restricted user read access on Announcements only. The Internal folder and its snippets remain invisible to them.
Assigning Permissions
Snippet permissions are assigned in the primedocs Admin Dashboard under Snippets. Select a snippet or group and configure the access rules via the Permissions panel.